Security &
Data Privacy
Axiorad runs all radar coverage calculations entirely in your browser. Your radar parameters, RF configurations, and coverage results never leave your device.
This architecture was chosen specifically for defence, government, and critical infrastructure users who cannot transmit sensitive operational data to external servers. The only network traffic consists of terrain elevation tiles, map imagery, and authentication tokens.
Client-Side Processing Architecture
Everything inside the green boundary stays on your machine. Only the amber items cross the network — and none of them contain your radar configurations or analysis results.
Frequency, power, gain, position
Web Worker + WebGL kernels
Signal strength, Pd, path loss
GeoTIFF, KML, GeoJSON, CSV
Terrain tiles (inbound only)
Mapbox imagery (inbound only)
Clerk session management
Stripe (direct, not via us)
What Stays Local, What Crosses the Network
Complete inventory of data categories and whether they leave your device. Your sensitive radar configurations and analysis results are always local.
| Data Category | Leaves Device? | Destination | Notes |
|---|---|---|---|
| Radar positions & coordinates | NO | — | Stored only in browser memory and IndexedDB |
| RF parameters (frequency, power, gain) | NO | — | Never transmitted; used only by local calculation engine |
| Coverage calculation results | NO | — | Computed and rendered entirely in your browser |
| Exported files (GeoTIFF, KML, CSV) | NO | — | Generated client-side; downloaded directly to your machine |
| Elevation data | YES | Mapbox / Google / SRTM | Inbound only — terrain tiles fetched by viewport coordinates |
| Map tiles | YES | Mapbox | Inbound only — standard map imagery for the visible area |
| Account information | YES | Clerk (auth provider) | Email, name, and session tokens for authentication |
| Payment information | YES | Stripe | Card details handled entirely by Stripe — never touch our servers |
| Datasheet parsing (opt-in) | YES | LLM provider (user-selected) | Only when you explicitly upload a datasheet for AI parsing |
| Contact form submissions | YES | Brevo (email) | Only the message you explicitly submit via /contact |
External Services & Compliance
Axiorad integrates with a minimal set of external services. Each has been selected for its security posture and compliance certifications. No service receives radar parameters or coverage results.
Clerk
SOC 2 Type IIAuthentication & user management
Stripe
PCI DSS Level 1Payment processing
Mapbox
SOC 2 Type IIMap tiles & elevation data
LLM Providers
Varies by provider (OpenAI, Anthropic, Google)Datasheet parameter extraction
Brevo
GDPR compliantTransactional email
Printable Security Statement
For procurement officers and IT security reviewers. This statement can be printed or saved as PDF for inclusion in security assessments.
Axiorad is a web-based radar coverage analysis and RF propagation planning tool. All coverage calculations, including propagation modeling, radar equation evaluation, and result rendering, execute entirely within the user's web browser using JavaScript and WebGL. No radar parameters, antenna configurations, site coordinates, or coverage results are transmitted to Axiorad servers or any third party.
The only data that crosses the network consists of: (1) terrain elevation tiles fetched from Mapbox, Google, or SRTM based on viewport coordinates; (2) map imagery tiles from Mapbox; (3) authentication session tokens managed by Clerk (SOC 2 Type II); and (4) payment processing handled directly by Stripe (PCI DSS Level 1). An optional AI datasheet parsing feature, which must be explicitly invoked by the user, transmits uploaded document content to the user's selected LLM provider.
This architecture ensures that sensitive operational data — including radar positions, detection capabilities, coverage gaps, and sensor network configurations — remains exclusively on the user's device throughout the analysis process. Users may verify this by inspecting network traffic in browser developer tools during operation.
Security FAQ
Can my IT team verify that data stays client-side?
Yes. Open your browser's Network tab (DevTools → Network) before running an analysis. You will see elevation tile requests to Mapbox and authentication tokens to Clerk, but zero outbound requests containing radar parameters, RF configurations, or coverage results. All calculation code runs as JavaScript/WebGL in your browser.
Can Axiorad work on air-gapped networks?
Partially. The core calculation engine runs client-side, but Axiorad requires internet connectivity for map tiles (Mapbox), elevation data, and user authentication (Clerk). For fully air-gapped environments, contact us via the contact form to discuss on-premises deployment options.
Is Axiorad ITAR controlled?
No. Axiorad is a general-purpose RF propagation analysis tool using publicly available ITU-R standard models (Longley-Rice ITM, COST-231 Hata, ITU-R P.1812-6). It does not contain classified algorithms, controlled technical data, or export-restricted technology. Users are responsible for ensuring their own input data and results comply with applicable export control regulations.
What about datasheet parsing — does that send data to a server?
Datasheet parsing is the only feature that transmits user-provided content to an external service. When you upload a radar datasheet, the document is sent to your selected LLM provider (OpenAI, Anthropic, or Google) for parameter extraction. This feature is entirely opt-in — you can manually enter all parameters instead. No datasheet content is stored on Axiorad servers.
Questions about security?
For security assessments, penetration test reports, or on-premises deployment discussions, contact our enterprise team directly.
Client-side architecture • SOC 2 compliant providers • No radar data transmitted